Friday, September 25, 2015

If you've been around like I have since the early days of WIF 1.0, VS 2010 and FedUtil, you will know about Vittorio's magic tool called SelfSTS which provided a really simple STS with configurable claims that you could use for testing without the hassle of running up a real IDP.

And then it disappeared and there was much chaos in the ranks over at Stack Overflow.

There was also the "Identity and Access Tool" from VS 2012 - also late lamented and gone.

I found EmbeddedSts from thinktecture a while back but ran it up recently when I needed a quick STS for prototyping and was impressed.

It uses the .NET 4.5 library.

It's a NuGet package installed via:

Install-Package Thinktecture.IdentityModel.EmbeddedSts

There is a JSON file called "EmbeddedStsUsers.json" in the application's App_Data folder. If it's not there, it simply creates one, viz:

I was having issues with a WIF web.config issue. The web.config had a thumbprint and I couldn't find the actual certificate in the ADFS server certificate store.

Duh - the ADFS encryption and signing certificates are not stored there if you use certificate rollover. They are apparently stored in the ADFS DB or in AD in a certificate container or .. There are a number of inconclusive posts on this matter.

But it did lead to me learning something about how to find a certificate from the thumbprint.

You use the certificate plugin from mmc.

Right-click in the top level and then "Find Certificates".

Then you can put a thumbprint (or part of one) and search on "SHA1 Hash". There are other parameters you can search on as well.

You'll then get a list of the certificates that match and if you scroll over to the right, the stores that they are contained in.
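
The same search can be scripted against the PowerShell Cert: drive. This is an added example, not from the original post; the function name Find-CertificateByThumbprint and the sample thumbprint fragment are hypothetical. It strips spaces and invisible characters that often come along when a thumbprint is copied from the MMC dialog or a web.config, then lists each match with the store it lives in.

```powershell
function Find-CertificateByThumbprint {
    # Hypothetical helper name; searches CurrentUser and LocalMachine stores.
    param(
        [Parameter(Mandatory = $true)]
        [string]$Thumbprint   # full or partial SHA1 thumbprint
    )

    # Keep only hex digits: pasted thumbprints frequently contain spaces or a
    # leading invisible Unicode character that makes an exact match fail.
    $needle = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if (-not $needle) {
        throw 'No hex digits found in the supplied thumbprint.'
    }

    Get-ChildItem -Path Cert:\CurrentUser, Cert:\LocalMachine -Recurse -ErrorAction SilentlyContinue |
        # The recursion also returns store and location objects; keep certificates only.
        Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            $_.Thumbprint -like "*$needle*"
        } |
        Select-Object @{ Name = 'Store'; Expression = { $_.PSParentPath -replace '^.*::', '' } },
                      Thumbprint, Subject, NotAfter, HasPrivateKey
}

# Constructed fragment for illustration; replace with the value from web.config.
Find-CertificateByThumbprint -Thumbprint 'a1 b2 c3' | Format-Table -AutoSize
```

An empty result is what you would expect for the ADFS rollover case described above, since those certificates are not in the server's certificate stores.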